Implementing Infrastructure for the eUniversity

1
Implementing Infrastructure for the eUniversity

• Art Vandenberg
• Director
• 404-463-9601
• Avandenberg_at_gsu.edu

Fred Przystas Project Manager 404-463-9602 Cagfwp_at_
gsu.edu
Information Systems Technology Advanced Campus
Services Georgia State University
University System of Georgia Annual Computing
ConferenceOctober 25-27, 2000
2
The eUniversity

• Why the Rush? Why Do We Need It?

3
Why the Rush?

• As universities continue to expand their customer
  base via the internet, they are reaching beyond
  their territory into YOUR territory.
• Distance is no longer a barrier as a result of
  the internet and Distance Learning.
• Playing catch-up is difficult given the rate at
  which technology and information is currently
  speeding along this virtual internet highway.

4
Why do we need the eUniversity?

• Improve the quality of University Services
• Reduction of Costs
• Open New Avenues for Revenue
• More sophisticated ways of doing business
• Enhance collaborative research
• Provide a campus portal for students to obtain
  various services

5
Major Areas of Focus

• E-academics enhanced technology learning and
  distance learning
• E-research promotes collaborative research and
  scholarly publishing

6
Major Areas of Focus

• E-business electronic administrative services,
  i.e., travel, purchasing, and supply
• E-community become a valued resource for the
  surrounding communities we serve by providing
  easy access to various online services such as
  GIL, G.L.O.B.E, and eCore?

7
How do we get there?

• Coordination Project Planning
• Cooperation Inclusion of Stakeholders
• Creativity Funding and Resources
• Consultation Hire an outside group to examine
  what you have, and what you will need to
  implement the eUniversity

8
What Else Is Needed?

• S
• E
• C
• U
• R
• I
• T
• Y

Public Key Infrastructure PKI
9
SECURITY
SAFE ENVIRONMENT
ENCRYPTED TRANSACTIONS
CERTIFICATE AUTHORITY
UNIVERSAL UNIQUE ID (UUID)
REGISTRATION AUTHORITY
IDENTIFICATION
TRUST
YOU NEED IT TO...
10
COMPETE SURVIVE!
11
Public Key Infrastructure

• Confidentiality
• Integrity
• Authentication
• Non-repudiation

12
Components of PKI

• Security Policy
• Defines Organizations Top-Level Security
• Certificate Practice Statement (CPS)
• Outlines Key Creation/Distribution and
  Certificate Issuance
• Identifies Levels of Risk

13
Components of PKI

• Certificate Authority (CA)
• Sets Expiration Dates for Digital Certificates
• Tracks Certificate Revocation Lists (CRLs)
• Issues Certificates binding identity of user or
  system to a public key with a Digital Signature
  (DS)

14
Components of PKI (Cont.)

• Registration Authority (RA)
• Interface between User and CA
• Authenticates Identity of User following Security
  Policies
• Quality of Authentication sets level of trust
  placed on certificates issued

15
Components of PKI (Cont.)

• Certificate Distribution System
• Directory Service
• User Distributed
• Enterprise PKI solution

16
Components of PKI (Cont.)

• PKI Enabled Applications
• Web Servers and Browsers
• E-mail
• Electronic Data Interchange (EDI)
• Credit card Transactions over the Internet
• Virtual Private Networks (VPNs)

17
PKI Evaluation Considerations

• Flexibility
• Interface with standard directory structures like
  Lightweight Directory Access Protocol (LDAP) and
  X.500 (DAP)
• Allow users to request certificates via e-mail
• Standard interfaces such as PKCS11 to work with
  various security tokens (example smart cards and
  hardware security models (HSMs))
• Automated RA, if needed

18
PKI Evaluation Considerations (Cont.)

• Ease of Use
• Management of PKI should be simple and not
  require a technical background to manage
• Interface should be graphical and intuitive
• Supports Security Policy
• CA/RA should be able to reflect security policies
  of organization in certificate issuance

19
PKI Evaluation Considerations (Cont.)

• Scalability
• Support for additional applications as they come
  online
• Ability to add CAs and RAs as needed to support
  organizational growth
• Ability to support increased numbers of
  certificates issued as the PKI grows

20
PKI Evaluation Considerations (Cont.)

• Interoperability
• PKI should be built to the most common commercial
  standards
• PKI should be completely open to allow for future
  integration as IT infrastructure grows
• PKI needs to be interoperable globally

21
PKI Evaluation Considerations (Cont.)

• Security of CA and RA
• CA/RA is the center of PKI and should be held in
  a tamper resistant security module
• Backup copies are essential protection for
  disaster recovery
• CA/RA system should have a secure audit trail
  that includes a time/date stamp and signature for
  each transaction
• CA should be held to the highest commercial
  standard security

22
WHAT ARE WE WAITNG FOR?

• LETS LET MIKEY TRY IT FIRST

23
Meet Mikey!
24
Taking Strategic Actions

• Advanced Campus Services CIO/Associate Provost
  Information Systems Technology creates a
  strategic unit
• Discovery of Resources educating
• Organizational Structure enabling interaction
• Performance Objectives accomplishing goals

25
Advanced Campus ServicesA Response to Ongoing
Issues

• CSO to LDAP directory conversion in the queue
  for several years
• Authentication/authorization needs
• Student email a campus pressure point
• Audit findings call for account management
• Data feeds, interfaces between application
  domains becoming increasingly complex

26
Advanced Campus ServicesEstablishing a Strategic
IT Unit

• ACS unit created February 2000
• Charged to plan and develop actions for
• University-wide directory services
• Public-private key infrastructure
• Universal email solutions
• Interfaces to one-card, library, other systems
• broad, coordinating role in the establishment of
  standards, methods and processes

27
Discovery of Resources Educating

• Aim is to find best practices
• Research resources
• Higher education groups
• Standards groups
• Industry analysts
• Application vendors
• Trade journals, News, Georgia Code...
• Internet/Libraries/People!

28
Discovery of Resources (cont.)

• Internet2 Middleware Initiative
  lthttp//www.internet2.edu/middleware/gt
• Higher Education Middleware services
• Identifiers, directories, authentication,
  authorization
• Overviews, conceptual framework, best practices,
  LDAP recipe
• Extensive links to other sites
• The Authoritative Hub for Higher Education

29
Discovery of Resources (cont.)

• CREN lthttp//www.cren.net/gt
• mission is to support higher education and
  research organizations with strategic IT
  knowledge services
• TechTalk series live audiocasts
• Interviews with technology experts real life
  scenarios
• CREN Certificate Authority initiative

30
Discovery of Resources (cont.)

• Federal PKI Technical Working Group
  lthttp//gits-sec.treas.gov/fpkitechwork.htmgt
• Providing leadership in public key and directory
  technology over last decade
• Establishing models for interoperation
• Addressing policy issues, cf. ACES
• GTRI participated in Federal Bridge CA
  demonstration project

31
Discovery of Resources (cont.)

• Net_at_Edu PKI for Networked Higher Education
  Working Group lthttp//www.educause.edu/netatedu/gr
  oups/pki/gt
• Sponsoring a series of summit meetings
• eduPerson LDAP objectclass (with Internet2)
  attributes of a higher education person
• USG Central Office personnel involved

32
Discovery of Resources (cont.)

• The Burton Group lthttp//www.tbg.com/gt
• Network infrastructure strategy consultants
• GSU subscribes to Network Strategy Service
• Conducted seminars on directories (9/1999) and
  PKI (3/2000) for USG
• TBG recommendations endorsed by ACIT
• FYI Jamie Lewis, CEO, is GSU grad

33
Discovery of Resources (cont.)

• The GartnerGroup lthttp//gartner4.gartnerweb.com/p
  ublic/static/home/home.htmlgt
• Industry consultant providing research
  highlights and analysis of industry trends
• USG subscription
• Decision Drivers service includes PKI model
• 2,800 factors related to PKI vendor evaluation
• Tool facilitates collaborative definition of
  criteria

34
Discovery of Resources (cont.)

• Internet Engineering Task Force (IETF)
  lthttp//www.ietf.org/gt
• LDAP Specifications (RFCs 2251-2256)
• Understanding and Deploying LDAP Directory
  Services, by Timothy Howes
• Author of LDAP while at U. Michigan
• Developed Netscapes LDAP directory
• Text introduces directory architecture, addresses
  life-cycle deployment, and provides case studies

35
Discovery of Resources (cont.)

• Directory Interoperability Forum
  lthttp//www.directoryforum.org/gt
• Forum established 1999, then merged in July 2000
  with...
• The Open Groups Directory Program
  lthttp//www.opengroup.org/directory/gt
• promotes open and interoperable directories
  based on open standards
• Members Cisco, HP, IBM, Microsoft, Netscape,
  Novell...
• Universal Schema Reference lthttp//home.netscape.c
  om/eng/server/directory/schema/gt
• 150 objectclasses, 600 attributes...

36
Discovery of Resources (cont.)

• SCT SUMMIT Conference for Banner Users
  lthttp//www.sctcorp.com/gt
• SCT architectural strategy includes LDAP
• CUMREC Annual Conference lthttp//www.cumrec.com/gt
• Directory, PKI sessions, networking (people)
• Senate Bill 465 (Georgia Technology Authority)
  lthttp//www.state.ga.us/cgi-bin/pub/leg/legdoc?bil
  lname1999/SB465docpartfullgt
• Legislation that includes commitment to digital
  signatures technology solutions

37
Discovery of Resources (cont.)

• Chronicle of Higher Education lthttp//chronicle.co
  m/index.htmgt
• Information Week lthttp//www.informationweek.com/n
  ewsflash/default.htmlgt
• ACM TechNews lthttp//www.acm.org/technews/current/
  homepage.htmlgt
• eUniversity news items
• distance learning, online libraries, sharing
  research facilities, mobile users, ecommerce,
  virtual classrooms...

38
Organizational Structure Enabling Interaction

• ACS - 2 staff providing broad coordinating role
  to advance the development of a university-wide
  consensus regarding directions and strategies.
• A goal is to foster interactions and encourage
  communication
• Use IETF model - working groups convened to
  address specific task

39
Organizational Structure Steering Group

• CIO his IT Directors representing
• Networks, educational technology, library
  systems, administrative applications, strategic
  planning
• Discussion and consensus process sets
• Overall scope
• Task priorities
• Resource allocation
• Liaison with University System others

40
Organizational Structure Data Stewards for GSU
Person Working Group

• Functional data stewards representing
• Human resources, student systems, affiliates,
  library, alumni, and information technology
• Reviewing eduPerson objectclass
• Mapping data sources to LDAP attributes
• Reconciliation synchronization processes
• Recommending policy
• cf. GSU Enterprise Directory Policy

41
Organizational Structure LDAP Design Technical
Working Group

• Senior technical staff Unix and Novell
• Schema design technical issues
• Implementation of the directory
• Replication synchronization
• Interfaces between directories
• Interoperability of clients
• Migration of existing directory apps sendmail
  alias forwarding, dialin authorization, PPP
  access...

42
Organizational Structure Interactions with
other groups

• April 2000 GSU, OIIT, GaTech re GartnerGroup
  Decision Drivers for PKI
• June 2000 common directory proposal becomes
  SURA response to I2 PKILabs RFP (not awarded but
  contacts good)
• August 2000 common directory proposal
  restated for Vice Chancellor OIIT
• October 2000 GSU, UGA, GIT, OIIT meet re LDAP
  directory implementation

43
Organizational Structure Mutual Interest
Common Goals

• Internet2 Middleware Initiatives Goal The
  goal is to assist in the creation of
  interoperable middleware infrastructures among
  the membership of Internet2 and related
  communities.
• 1. Make it happen...
• 2. Be an honest broker
• 3. Integrate across applications...
• 4. Interoperate between campuses
• Lets work together. says Mikey.

44
Performance Objectives Accomplishing Goals

• March 2000 ACS establishes broad objectives
  based on
• The Burton Group recommendations
• Internet2 Middleware Initiative
• Existing GSU application needs
• Expectation that as work proceeds, refinement of
  objectives will occur based on communication with
  and input of others

45
Performance Objectives (cont.)

• White Paper 6/30/2000 summarize issues for
  successful infrastructure deployment
• Take strategic enterprise approach
• Use collaboration and communication
• Leverage existing initiatives in community of
  interest
• Define PKI evaluation criteria PKI 7/15/2000
• Ambitious, but GartnerGroup Decision Drivers a
  tool
• Refined to First establish directory
  infrastructure

46
Performance Objectives (cont.)

• Define GSU common directory 8/15/2000
• Of course this is ambitious, but you need a start
• Data Stewards WG met biweekly from June 2000
• 35 core attributes mapped to data sources
• Reconciliation, prime authority issues being
  worked
• Identify collaborative opportunities 8/15/2000
• Common Directory...SURA...USG Common Directory
• Internet2 BOF? SURA BOF? U. Alabama Birmingham?
• If you dont ask, you cant get it.

47
Performance Objectives (cont.)

• Draft policy and procedure for managing GSU
  Person 9/15/2000
• Purpose and guiding principles of stewardship
• Version 1.0 policy and procedure for managing
  GSU Person 12/15/2000
• Finalize via campus review
• Documentation of identifiers, timing
  synchronization for directory, information for
  administrative account management

48
Performance Objectives (cont.)

• Identify directory infrastructure and PKI funding
  requirements sources 12/15/2000
• Timing for FY 2001 year end and FY 2002
• Coordination with USG directory strategies
• Establish account management for administrative
  applications 3/15/2001
• Each new person has accounts set up in timely
  manner
• I2-MI Identifiers, Authentication, and
  Directories Best Practices for Higher
  Education lthttp//middleware.internet2.edu/best-p
  ractices.htmlgt

49
Conclusion

• Advanced Campus Services is key to GSU strategic
  focus for enterprise directories
• Full time focus on broad coordinating role
  essential to establishing collaboration and
  consensus development of solutions
• Goal provide a strategic, competitive advantage
  to the University System community.